This blog was written by Nik Vargas, founder of cybersecurity firm Nimble Defense.
Imagine holding a video conference and, without warning, a stranger enters the meeting and starts screaming at your attendees. Unfortunately, this scenario is becoming more and more common.
This phenomenon, called Zoom-bombing or Zoom hijacking, is the unfortunate product of hackers and less sophisticated internet trolls taking advantage of online meeting technology, including Zoom, that has become popular during the COVID-19 pandemic. Not only are hackers entering meetings uninvited, but some are also stealing valuable information from your computers.
Here’s the latest on what we know about Zoom hijacking, and tips for how to protect yourself.
How Do Hackers Hijack Platforms Like Zoom?
When you create a Zoom meeting, there are several options to help secure it, including requiring a code to be entered, establishing a waiting room and only allowing known people to join. If you don’t take these precautions, it is possible for anyone who has your link to enter your Zoom meeting.
It’s important to understand the implications of sharing your meeting link publicly on places like Twitter or Facebook. Doing so can easily make your meeting a target. Without any security measures in place, hackers simply click your link to enter your meeting, allowing them to talk over you or start sharing content on their screen.
Keep your Zoom link private and share it only with people who need it.
Can They Access Webcams?
Zoom meetings can be configured to use voice, web cameras and screen sharing. If there are hackers or hijackers present, they’ll be able to see whatever you decide to share with your intended audience. This includes seeing the faces of everyone in the meeting if webcams are used.
What Other Information on My Computer Can They Access?
Luckily, Zoom meetings don’t share a lot of information about the individual computers connected to the meeting.
But if a Zoom bomber is watching a presenter share their screen, it is pretty easy to deduce whether the presenter is using a Mac or a Windows PC. Hackers will also be able to see the applications the presenter is using or has installed. This information alone is valuable and could be used in a follow-up phishing email attack.
Also, anything said or shared can be captured by the unwanted participant during the meeting through various means. They can use screen recording software to capture every minute of the meeting, or simply take meticulous notes. Keep this in mind when conducting meetings on sensitive business information, and be sure all security measures are in place before the meeting starts.
Are There Safer Platforms Than Zoom?
Every video conferencing platform may have different vulnerabilities at various points in its development. Right now, Zoom is one of the most popular, so it has a big bullseye on its back. But that doesn't mean that it's any less safe than other collaboration apps, or that it's inherently dangerous to use. Safety precautions must be used on all video conferencing platforms, regardless.
What Tips Can Help Protect My Meetings?
· Never share your Personal Meeting ID or meeting link publicly.
· Require a meeting password and only share it with the desired participants.
· Use the waiting room feature and only admit attendees you invited.
· Use only work or school email addresses for easy identification.
· Disable file transfers, so no malicious content can be uploaded.
· Set your screen sharing to Host-Only, so no one else can present content.
· Lock the meeting by clicking “Participants” at the bottom of your Zoom window. In the “Participants” pop-up, click the button that says, “Lock Meeting.” Before locking your meeting, be sure to mute and disable video for all participants, just in case.
Platforms like Zoom are critical as people and businesses try to stay connected during the COVID-19 pandemic. It’s unfortunate that there are people ready to take advantage of these situations by Zoom bombing and hijacking, but the good news is that this can easily be avoided with just a few extra levels of protection.